Description: JsonPickle 1.4.2 allows remote code execution during deserialization of a malicious payload through the decode() function.
VulnerabilityType: CWE-502: Deserialization of Untrusted Data
Vendor of Product: https://github.com/jsonpickle/jsonpickle
Affected Product Code Base: JsonPickle Python Module
Attack Type: Remote
Impact Code execution: True
Description: JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product.
VulnerabilityType: CWE-502: Deserialization of Untrusted Data
Vendor of Product: http://jyaml.sourceforge.net (see yaml.org)
Affected Product Code Base: jyaml Java library
Attack Type: Remote